Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
JR0ch17
January 25, 2022
Technology
56
0
Share
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
190
Getting Started in Bug Bounty
jr0ch17
0
170
Getting Blindly Lucky
jr0ch17
0
100
Qu'est-ce que le bug bounty?
jr0ch17
0
150
Finding 5 bugs in a single parameter
jr0ch17
0
120
Beyond the Borders of Scope
jr0ch17
1
95
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
明日からドヤれる!超マニアックなAWSセキュリティTips10連発 / 10 Ultra-Niche AWS Security Tips
yuj1osm
0
580
Rebirth of Software Craftsmanship in the AI Era
lemiorhan
PRO
4
2k
Hacobu Tech Deck
hacobu
PRO
0
110
AIはハッカーを減らすのか、増やすのか?──現役ホワイトハッカーから見るAI時代のリアル【MEGU-Meet】
cscengineer
0
120
昔はシンプルだった_AmazonS3
kawaji_scratch
0
330
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
320
Master Dataグループ紹介資料
sansan33
PRO
1
4.6k
実践ハーネスエンジニアリング:TAKTで実現するAIエージェント制御 / Practical Harness Engineering: AI Agent Control Enabled by TAKT
nrslib
9
4.5k
AI와 협업하는 조직으로의 여정
arawn
0
260
20260423_執筆の工夫と裏側 技術書の企画から刊行まで / From the planning to the publication of technical book
nash_efp
3
390
Standards et agents IA : un tour d’horizon de MCP, A2A, ADK et plus encore
glaforge
0
160
クラウドネイティブな開発 ~ 認知負荷に立ち向かうためのコンテナ活用
literalice
0
120
Featured
See All Featured
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
160
Speed Design
sergeychernyshev
33
1.6k
Paper Plane
katiecoart
PRO
1
49k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
130
Side Projects
sachag
455
43k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.3k
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.4k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.2k
A Modern Web Designer's Workflow
chriscoyier
698
190k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
エンジニアに許された特別な時間の終わり
watany
106
240k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
yuj1osm
lemiorhan
hacobu
cscengineer
kawaji_scratch
ks91
sansan33
nrslib
arawn
nash_efp
glaforge
literalice
marktimemedia
jdejongh
sergeychernyshev
katiecoart
kimpetersen
sachag
mraible
dougneiner
geoffreycrofte
chriscoyier
erikaheidi
watany
